[Snort-users] email problems with ACID

James Lowey unix_no_win at ...131...
Wed Jan 23 12:09:12 EST 2002


Thanks for the help, got email working through PHP,
but still having problems emailing queries. Here is the
output in Debug level 1:

URL: '/acid_qry_main.php' (referred by:
'http://myserver.com/acid_qry_main.php')
         PARAMETERS: ''
         CLIENT: Mozilla/4.0 (compatible; MSIE 5.5;
Windows NT 4.0; T312461)
         SERVER: Apache/1.3.22 (Unix)  (Red-Hat/Linux)
PHP/4.0.6 
         SERVER HW: Linux porky.devel.redhat.com
2.4.5-7smp #1 SMP Tue Jun 26 14:19:49 EDT 2001 i686
unknown
         DATABASE TYPE: mysql  DB ABSTRACTION VERSION:

         PHP VERSION: 4.0.6  PHP API: apache
         SESSION ID: 01d3b9ada5875c75da4682aa62beca98(
67538 bytes )
         
Checking for DB abstraction lib in
'/var/www/html/acid/adodb/adodb.inc.php'
sensor #1: event.cid = 0, acid_event.cid = 0
sensor #2: event.cid = 40680, acid_event.cid = 40680
Added 0 alert(s) to the Alert cache

        new: ''   
        submit: 'Selected'
        sort_order: ''
        num_result_rows: '3360'  current_view: '0'
        layer4: ''  caller: ''
        action: 'email_alert2'  action_arg:
myemail at ...606...'
        
==== ACTION ======
context = 1


==== EXPORT-summary Alerts ========
num_alert = 3360
action_sql = SELECT acid_event.sid, acid_event.cid
FROM acid_event WHERE acid_event.sid > 0 AND ( (
acid_event.ip_src=3492819333 ) )
action_op = Selected
action_arg = myemail at ...606...
action_param = 
context = 1
limit_start = -1
limit_offset = -1
using_blobs = 

Gathering elements from 1 alert blobs
No alerts were selected or the EXPORT-summary was not
successful
-------------------------------------
action_cnt = 0
dup_cnt = 0
num_alert = 3360
==== EXPORT-summary Alerts END ========
Initial/Canned Query or Sort Clicked


SQL (save_sql): SELECT acid_event.sid, acid_event.cid,
signature, timestamp, acid_event.ip_src,
acid_event.ip_dst, acid_event.ip_proto FROM acid_event
WHERE acid_event.sid > 0 AND ( (
acid_event.ip_src=3492819333 ) ) 
Valid Canned Query List 

Array
(
    [last_tcp] => Array
        (
            [0] => 15
            [1] => Last TCP
            [2] => time_d
        )

    [last_udp] => Array
        (
            [0] => 15
            [1] => Last UDP Alerts
            [2] => time_d
        )

    [last_icmp] => Array
        (
            [0] => 15
            [1] => Last ICMP Alerts
            [2] => time_d
        )

    [last_any] => Array
        (
            [0] => 15
            [1] => Last Alerts
            [2] => time_d
        )

)

Query State
caller = ''
num_result_rows = '3360'
sort_order = ''
current_view = '0'
action_arg = 'myemail at ...606...'
action = 'email_alert2'
SELECT acid_event.sid, acid_event.cid, signature,
timestamp, acid_event.ip_src, acid_event.ip_dst,
acid_event.ip_proto FROM acid_event WHERE
acid_event.sid > 0 AND ( (
acid_event.ip_src=3492819333 ) ) 

The query runs fine on the web interface; it just
doesn't send anything when the email comes through.
I have set the email type to be in-line; however, it has
the same result if I change the message mode to
attachment.

Thanks for any help!

James Lowey





--- Saad Kadhi <bsdguy at ...4401...> wrote:
> On Tue, 2002-01-22 at 19:02, James Lowey wrote:
> > Check the mail configuration in PHP
> The code that generated this alert is starting at
> line 642 of
> acid_action.inc. There is a small typo in the name
> of a variable. 
> Instead of:
>   if ( !send_email($mail_recip, $mail_subject, $body, $mail_header) )
>      ErrorMessage("EXPORT ERROR: Could not send exported alerts to '".$message_recip."'.  Check the mail configuration in PHP.");
> it should read:
>   if ( !send_email($mail_recip, $mail_subject, $body, $mail_header) )
>      ErrorMessage("EXPORT ERROR: Could not send exported alerts to '".$mail_recip."'.  Check the mail configuration in PHP.");
> 
> note the change from $message_recip to $mail_recip
> (Roman, can you
> please commit the diff in cvs if this hasn't been
> done already?). After
> doing this, try again to see if your mail address is
> taken into account.
> Then try to make a small PHP test page that sends
> you email to check
> that your PHP is compiled w/ everything needed for
> email interaction.
> Check the mail() function here:
> http://www.php.net/manual/en/function.mail.php





